CyberRota
← Ana sayfaya dön

CVE-2026-45406

CRITICAL · CVSS 9 EPSS %0.27 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-26T17:16:33.150 · Çekilme zamanı: 2026-06-30T18:35:53.486325+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-45406
Severity
CRITICAL
CVSS
9
EPSS
%0.27
Docker

Orijinal NVD Açıklaması

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containing a single quote breaks the quoting and allows command substitution to execute arbitrary commands on the host as the dokku user during the app's next deploy. This vulnerability is fixed in 0.38.2.